[VU:306792] Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

Severity Medium

CVEs 1

Overview

Bouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS-V1 keystore.

Impact

A BKS file that was created with Bouncy Castle 1.46 or earlier, or 1.49 or later as the "BKS-V1" format will have insufficient protection against bruteforce cracking. This may allow an attacker bypass BKS integrity checking.

Solution

Do not rely on version 1 BKS keystore files BKS version 1 keystore files are not cryptographically sound. A more robust keystore format should be used instead.

Acknowledgements

This vulnerability was reported by Will Dormann of the CERT/CC.

ID

VU:306792

Severity

medium

Severity from

CVE-2018-5382

URL

https://kb.cert.org/vuls/id/306792

Published

2018-03-19T11:35:47
(6 years ago)

Modified

2018-04-04T15:27:54
(6 years ago)

Rights

Other Advisories

MAVEN:GHSA-8477-3V39-GGPM

Source	# ID	Name	URL
			https://www.bouncycastle.org/releasenotes.html
			https://cryptosense.com/blog/bouncycastle-keystore-security/
			https://tools.ietf.org/html/rfc7292#appendix-A

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date